REMARKS/ARGUMENTS

I. Introduction 

Applicant thanks the examiner for withdrawing the finality of the previous Office
Action.

• Claims 79-117 remain in this application.

• Claims 79 and 99 are the only independent claims under review. 

• Claims 79-82, 97-100, 113, 116 and 117 stand rejected under 35 U.S.C. § 102(e). 

• Claims 83-88, 90-96, 101, 102, 104-108, 109-111 and 114 stand rejected under 35
U.S.C. § 103(a) as being unpatentable over Angles et al. U.S. Patent No. 5,933,811 in
view of Wiser et al. U.S. Patent No. 6,385,596. 

• Claims 89, 103, 112 and 115 are rejected under 35 U.S.C. § 103(a) as being
unpatentable over Angles in view of Wiser and further in view of Klingman U.S. 
Patent No. 5,729,594. 

II. In the claims 

A. Rejections under 35 USC § 102(e) are improper 

1. The rejection to Independent Claim 79 is improper because
Angles does not disclose "secure cookies."

Angles does not disclose "secure cookies." Rather, Angles 
discloses the use of a conventional cookie as part of an online advertising 
system. The only security provided by the disclosed conventional cookie 
is an unencrypted variable called "secure." According to Angles on col. 
11, lines 23-25, "[i]f 'secure' is included in the cookie, then the cookie 
will only be transmitted over a secure network connection." Basically, 
conventional cookies as disclosed in Angles provide no other security than 
to request that a secure network connection be used. This lack of security 
is exactly the type of problem that the present invention (as disclosed and 
claimed) solves. 

In fact, the present application in the sections entitled "Security 
Concerns in Cookies" and "Security Threats to Cookies" (see specification
page 6, paragraphs 1 and 2) describe Angles as having one of the 
problems that the present application solves. These paragraphs explain 
how simple unencrypted variables stored in cookies can be harvested and 
used to the detriment of a customer. This same section also points out that 
using a secure network connection, by itself, does not provide enough 
security to protect the customer. 

The present application specifically defines that "[s]ecure cookies
are constructed by using familiar cryptographic techniques, such as 
message digests, digital signatures, message authentication codes and 
secret-key encryption." (See application page 2, paragraph 2). Nowhere in 
Angles is a cookie constructed using any type of cryptographic 
techniques. 

The present application on page 7, paragraph 3 further defines that 
"secure cookies provide three types of security services: authentication 
services, integrity services, and confidentiality services. Authentication 
services verify the owner of the cookies. Integrity services protect against 
the threat that the contents of the cookies might be changed by 
unauthorized modification. Finally, confidentiality services protect 
against the values of the cookies being revealed to unauthorized entity." 
Nowhere in Angles is a cookie disclosed that provides these three types of 
security services. 

Because Angles fails to disclose the "secure cookies" limitation of 
independent claim 79, Angles does not disclose the same invention. 
Therefore, withdrawal of this rejection is respectfully requested. 

2. The rejection of Claim 81 is improper because Angles does not
disclose an "authentication cookie."

Angles does not disclose an "authentication cookie." An 
authentication cookie is defined in the present application on page 12, last 
paragraph as an IP Cookie, a Pswd Cookie, a KT Cookie, or a Sign 
Cookie. An IP Cookie (address based authentication) is created when a 
server grabs the user's IP address and puts it into the IP Cookie using 
internal procedures. (See specification page 8, paragraph 1). A Pswd 
Cookie (password based authentication) is created when a server places a 
user's password and puts it into the IP Cookie using internal procedures 
such as a hash or encryption. (See specification page 8, paragraph 4). A 
KT Cookie (Kerberos based authentication) is created when a server 
creates a cookie that can be used in a Kerberos protocol. (See 
specification page 8, paragraph 5 through page 9, paragraph 6). A Sign 
Cookie (digital signature based authentication) uses a timestamp signed by 
a user. (See specification page 9, paragraph 6). 
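
The difference between a conventional cookie and the integrity and address-based authentication services quoted above can be shown in a few lines. This is an added example, not code from the application or from any cited reference; the `MAC_Cookie` name, the key, the `Role` attribute and the sample addresses are constructed for illustration, and the confidentiality service (secret-key encryption) is not shown.

```python
import hashlib
import hmac

# Constructed demo key; a real server would load its secret from a key store.
SERVER_KEY = b"constructed-demo-key"


def _mac(fields: dict) -> bytes:
    """HMAC-SHA256 over every cookie name and value, length-prefixed so that
    two different cookie sets can never serialize to the same string."""
    parts = []
    for name in sorted(fields):
        value = fields[name]
        parts.append(f"{len(name)}:{name}{len(value)}:{value}")
    digest = hmac.new(SERVER_KEY, "".join(parts).encode(), hashlib.sha256)
    return digest.hexdigest().encode()


def issue_cookies(attributes: dict, client_ip: str) -> dict:
    """Server side: add an IP Cookie (address-based authentication) and a
    MAC cookie (hypothetical name) covering the whole set (integrity)."""
    cookies = dict(attributes)
    cookies["IP_Cookie"] = client_ip
    cookies["MAC_Cookie"] = _mac(cookies).decode()
    return cookies


def verify_cookies(cookies: dict, peer_ip: str) -> bool:
    """Server side, on a later request: reject the set if any value was
    modified or if it arrives from a different address than it was issued to."""
    received = dict(cookies)
    tag = received.pop("MAC_Cookie", None)
    if not isinstance(tag, str):
        return False  # a conventional cookie set carries no MAC at all
    if not hmac.compare_digest(tag.encode(), _mac(received)):
        return False  # contents changed after issuance
    # Address binding is only as strong as the network path: clients behind
    # the same NAT or proxy present the same peer address.
    return received.get("IP_Cookie") == peer_ip


if __name__ == "__main__":
    issued = issue_cookies({"Role": "clerk"}, "192.0.2.10")
    forged = dict(issued, Role="manager")
    print(verify_cookies(issued, "192.0.2.10"))    # genuine set
    print(verify_cookies(forged, "192.0.2.10"))    # edited attribute
    print(verify_cookies(issued, "198.51.100.7"))  # replayed from elsewhere
```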

In making this rejection, the examiner brings attention to col. 10, 
line 20 to col. 11, line 65 of Angles. Nowhere in this section is an 
authentication cookie (i.e., an IP Cookie, a Pswd Cookie, a KT Cookie or 
a Sign Cookie) referenced. This section of Angles only discloses a 
consumer member code assigned by a third computer and stored on a 
consumer PC in a cookie. All of this is conventional use of an unsecured 
cookie. 

Because Angles fails to disclose the "authentication cookies"
limitations of claim 81, withdrawal of this rejection is respectfully 
solicited. 

3. The rejection of Claim 82 is improper because Angles does not 
disclose a "secure attribute service." 

Dependent claim 82 is further limiting the "secure attribute 
service." Angles does not disclose a secure attribute service as defined in 
the present invention. In the present invention, "secure cookies enable 
secure attribute services between existing Web servers and browsers." It 
is this use of secure cookies that "facilitates secure attribute services on 
the Web." (See page 2, paragraph 2 of the specification). Because Angles
does not disclose secure cookies as argued in section II(A)(1) above,
Angles cannot disclose a "secure attribute service." 

Because Angles fails to disclose the "secure attribute service" 
limitations of claim 79, withdrawal of this rejection is respectfully 
solicited. 

4. The rejection of Claims 79, 98, and 116 are improper because
Angles does not disclose any "secure cookies" being used to assign client 
roles. 

The examiner refers to col. 11, line 5 through col. 12, line 60 to 
support the rejection of Claims 79, 98, and 116. However, a careful read
of these paragraphs only shows the assignment of a consumer member 
code by a third advertising computer (not part of the present invention) 
that is used by a conventional (i.e., not secure) cookie. Angles is not 
assigning a role as per the present invention, but rather as having a 
computer outside the scope of the present invention assign an identifier to 
a process whose role has already been defined. Therefore, withdrawal of 
these rejections is respectfully solicited. 

5. The rejection of Claim 99 is improper because Angles does not 
disclose "secure cookies" used in steps as specifically laid out in the 
claim. 

In addition to the arguments regarding the fact that Angles does 
not disclose "secure cookies" (see section II(A)(1) above), the examiner
has not shown the steps as specifically laid out in Claim 99. For each 
particular step, the examiner has referred to independent paragraphs or 
figures in Angles. For example, the examiner first makes the assumption 
from figure 4 that a client first makes a request from a server as claimed. 
Figure 4 does show a server and a client interconnected, but figure 4 also 
shows many other interconnections to a third advertising computer that is
essential to Angles and not essential to the present invention. Nowhere in 
this figure is there an indication that the transfer of secure data on a 
network starts with a client making a request from a server. 

Next, the examiner pieces together col. 10, lines 20-59 of Angles 
to show a server retrieving conforming client data in response to the client 
request. This section of Angles only describes possible hardware and 
software that may be used in the Angles invention. There are no steps 
recited here. This rejection continues in this same manner. 

In summary, because Angles does not disclose every step in the 
order in which it is claimed, Angles does not disclose the invention 
claimed in Claim 99. Therefore, withdrawal of this rejection is 
respectfully solicited. 

6. The rejection of Claims 80-98 and 100-117 are improper because
they depend upon independent claims 79 and 99.

The Office Action does not establish a prima facie case of 
anticipation of Claims 80-98 and Claims 100-117. Based upon the
previous arguments, it is believed that independent Claims 79 and 99 are 
now in condition for allowance. Claims 80-98 and 100-117 depend on
claims 79 and 99 respectively, and hence contain all of the limitations of 
their base claims. Therefore, withdrawal of these rejections is respectfully 
solicited. 

B. Rejections under 35 USC §103 are improper 

1. The rejection of Claims 83-88, 90-96, 101, 102, 104-108, 109-111 
and 114 under 35 U.S.C. § 103(a) as being unpatentable over Angles in
view of Wiser are improper because they all depend upon independent 
claims 79 and 99. 

Based upon the arguments above, Applicant believes that the 
arguments made in the previous section II(A) apply equally well to the 35
U.S.C. § 103(a) rejections. These arguments overcome the rejections to 
independent claims 79 and 99 respectfully. Because Claims 83-88 and 
90-96 ultimately depend upon independent claim 79 and Claims 101, 102, 
104-108, 109-111 and 114 ultimately depend upon independent claim 99,
the rejections of all of these claims are improper. Therefore, withdrawal 
of these rejections is respectfully solicited. 

Appl. No. 09/451,090
Amdt. dated Oct. 27, 2003
Reply to Office Action of April 9, 2003

2. The rejection of Claims 83-88, 90-96, 101, 102, 104-108, 109-111
and 114 under 35 U.S.C. § 103(a) as being unpatentable over Angles in
view of Wiser are improper because they appear to be based on
impermissible hindsight.

Obviousness can only be established by combining or modifying 
the teachings of the prior art to produce the claimed invention where 
there is some teaching, suggestion, or motivation to do so found either 
in the references themselves or in the knowledge generally available to 
one of ordinary skill in the art. In re Fine, 837 F.2d 1071, 5 USPQ2d 
1596 (Fed. Cir. 1988); In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. 
Cir. 1992). See also MPEP 2143.01. It should be recognized that the fact 
that the prior art could be modified so as to result in the combination 
defined by the claims at bar would not have made the modification 
obvious unless the prior art suggests the desirability of the modification. 
In re Deminski, 796 F.2d 436, 230 USPQ 313 (Fed. Cir. 1986).
Recognizing after the fact that such a modification would provide an 
improvement or advantage, without suggestion thereof by the prior art, 
rather than dictating a conclusion of obviousness, is an indication of 
improper application of hindsight considerations. Simplicity and 
hindsight are not proper criteria for resolving obviousness. In re Warner, 
379 F.2d 1011, 154 USPQ 173 (CCPA 1967). 

Because the present invention and Wiser are so different, it would 
not have been obvious to one skilled in the art to combine aspects of 
Wiser to aspects of the present invention. The present invention and 
Wiser perform different functions. The present invention and Wiser have 
different purposes and operate in vastly different architectures using vastly 
different methods. Wiser is a computer implemented online music 
distribution system for secure delivery of media files for use on 
predetermined media players. The present invention relates to the creation 
and use of independent secure cookies between a server and a client. 

Objects disclosed in Wiser are not the same as objects disclosed in 
the present invention. Wiser requires three distinct objects that are 
essential to Wiser in performing its stated goal of secure media delivery 
and use, whereas the present invention may perform its stated goal of 
enabling the transfer of secure data on a network between a client 
(singular) and a server using a secure cookie. The three Wiser objects are: 
media content, a media voucher object and a passport object. (See Wiser,
col. 6, lines 36-47.) None of these Wiser objects is the same or equivalent 
to the secure cookies disclosed in the present invention. 

Wiser's media content (object) is stored in media data files that are 
encrypted when purchased, using encryption keys of the purchasers, 
whereas the present invention does not require that any of its objects be 
stored in any other type of file, especially purchased files. Further, the 
present invention does not require the encryption of any shell file. No
objects disclosed in the present invention are intended to be encapsulated
in media files.

Wiser's media voucher object is created by a content manager,
then passed to an intermediary server, who then forwards it to an 
intermediary web browser, who then passes it to a media player, for whom 
it is intended. (See Wiser, col. 8, lines 19-41.) The objects disclosed in 
the present invention are created directly by a server and then transmitted 
directly to their intended client user. 

Wiser's passport object is also not created by a server like the
objects in the present invention. In fact, the passport is issued by a 
licensing center as a prerequisite for any media file transactions. (See 
Wiser, col. 8, lines 43 to col. 9, line 37.) In contrast, a server in the 
present invention creates objects when and as they are needed when 
interacting with a client. 

Because the rejection of these claims is based upon impermissible 
hindsight, withdrawal of these rejections is respectfully solicited. 

3. The rejection of Claims 105-107 and 110 are improper because the
examiner used an unspecified reference. 

On page 7 of the Office Action, the examiner states that "[i]t 
would have been obvious to one of the ordinary skill in the art at the time 
the invention was made to implement Wiser's teachings into the computer
system of Rangarajan." Applicant is unaware of the Rangarajan reference;
therefore, Applicant would appreciate more specific information regarding 
this reference. 

4. The rejection of Claims 89, 103, 112 and 115 are improper because
they appear to be based on the combination of multiple references 
pieced together using impermissible hindsight. 

Claims 89, 103, 112 and 115 were rejected under 35 U.S.C. §
103(a) as being unpatentable under Angles in view of Wiser and further in 
view of Klingman U.S. Patent No. 5,729,594. The mere fact that 
references can be combined does not render the resultant combination 
obvious, unless the prior art also suggests the desirability of the 
combination. In re Kotzab, 217 F.3d 1365, 1371, 55 USPQ2d 1313, 1318
(Fed. Cir. 2000). There is no suggestion in the teachings of Angles, 
Wiser or Klingman, either singularly or in combination, to combine a KT 
Cookie and Kerberos ticket. In fact, the examiner implied that because 
Klingman (see col. 3, lines 5-60) discloses that Kerberos private key 
cryptography has been used in a check writing system, that it would be 
obvious to use Kerberos technology in secure cookies. Applicant suggests 
that the disclosure of this stand-alone application actually teaches away
from using more advanced mechanisms such as secure cookies. 

Because there is no suggestion to combine Angles, Wiser, and 
Klingman, withdrawal of these rejections is respectfully solicited. 



C. Remaining prior art references of record

Applicant would like to thank the examiner for his consideration of United States 
Patent No. 6,411,998 to Bryant et al., entitled "World wide web internet delay monitor."
However, applicant asserts that like Angles, this patent only discloses conventional 
cookies and does not disclose secure cookies or any security measures relating to cookies. 
Therefore, this patent cannot anticipate the present invention as disclosed and claimed. 



D. Conclusion 



For all of the reasons advanced above, Applicant respectfully submits that the 
application is in condition for allowance and that action is respectfully solicited. If there 
are any outstanding issues that might be resolved by an interview or an Examiner's
amendment, the Examiner is requested to call Applicants' agent at the telephone number 
shown below. 

The Commissioner is hereby authorized to charge any additional fees, which may 
be required, or credit any overpayment, to Deposit Account No. 501450. 

In the event that an extension of time is required, or may be required in addition 
to that requested in a petition for an extension for time, the Commissioner is requested to 
grant a petition for that extension of time which is required to make this response timely 
and is hereby authorized to charge any fee for such an extension of time or credit any 
overpayment for an extension of time to Deposit Account No. 501450. 



Respectfully submitted, 




David G. Grossman 
Registration No. 42,609 



Date: October 27, 2003 



George Mason University 

Office of Technology Transfer, MSN 5G5 

4400 University Drive 

Fairfax, VA 22030 

(703) 338-6333 